From: Tom Lane Date: Fri, 19 Feb 2021 03:38:55 +0000 (-0500) Subject: Fix another ancient bug in parsing of BRE-mode regular expressions. X-Git-Tag: REL9_6_22~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab208421eeb785fc72a3e7fc1122127029165392;p=thirdparty%2Fpostgresql.git Fix another ancient bug in parsing of BRE-mode regular expressions. While poking at the regex code, I happened to notice that the bug squashed in commit afcc8772e had a sibling: next() failed to return a specific value associated with the '}' token for a "\{m,n\}" quantifier when parsing in basic RE mode. Again, this could result in treating the quantifier as non-greedy, which it never should be in basic mode. For that to happen, the last character before "\}" that sets "nextvalue" would have to set it to zero, or it'd have to have accidentally been zero from the start. The failure can be provoked repeatably with, for example, a bound ending in digit "0". Like the previous patch, back-patch all the way. --- diff --git a/src/backend/regex/regc_lex.c b/src/backend/regex/regc_lex.c index f9118e8e42a..e44e2be3f3d 100644 --- a/src/backend/regex/regc_lex.c +++ b/src/backend/regex/regc_lex.c @@ -389,7 +389,7 @@ next(struct vars * v) { v->now++; INTOCON(L_BRE); - RET('}'); + RETV('}', 1); } else FAILW(REG_BADBR);